-
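Vulnerability Information

Vulnerability name: WebSoft Infinity WEB SQL Injection Vulnerability

Severity: High

Vulnerability type: SQL injection

Published: 2004-12-06 00:00:00

Updated: 2005-10-20 00:00:00

Attack vector: Remote

Details:

Infinity WEB version 1.0 has an SQL injection vulnerability. A remote attacker can use the login page to bypass authentication and escalate privileges.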

-
Advisories and Patches

It has been reported that the vendor has released a patch dealing with this issue, although this has not been confirmed. Please see the referenced vendor web page and contact the vendor for more information.

-
Affected Program Versions

-
Vulnerability Discussion

Reportedly, WebSoft Infinity WEB is affected by an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

It is likely that this issue is related to the issue discussed in the vulnerability WebSoft HelpDesk PRO SQL Injection Vulnerability (BID 10613). This BID will be updated when information becomes available.

An attacker might leverage this issue to inject malicious SQL queries or alter existing ones. This would allow the attacker to manipulate database queries to bypass authentication mechanisms; other attacks might also be possible.

-
Exploit

No exploit is required to leverage this issue.

-
Solution

It has been reported that the vendor has released a patch dealing with this issue, although this has not been confirmed. Please see the referenced vendor web page and contact the vendor for more information.